package com.example.controller;

import com.example.exception.CustomLoginException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * Created with IntelliJ IDEA.
 * Description:
 * User: 86187
 * Date: 2023-10-24
 * Time: 20:35
 */
@RestController
@RequestMapping("/test")
public class HelloController {

    /**
     * PreAuthorize 注解用于在方法调用前进行鉴权认证
     * PostAuthorize 用于在方法调用后进行鉴权认证。
     *
     * hasRole(), hasAuthority()
     *
     */
    @RequestMapping("/hello")
    // 只有拥有 “system:test” 权限的用户才能访问方法。
//    @PreAuthorize("hasAnyAuthority('system:test')")
    @PreAuthorize("@ex.hasAnyAuthority('system:test')") // 自定义权限规则
    public String hello() {
        return "hello spring security";
    }


    @PostMapping("/test")
    public String test() {
        return "基于配置的权限控制";
    }
}
